In my last post I showed a simple script to identify users that have not logged on in the last 180 days and export basic information to a CSV file. This allowed you to look through the list and determine if the users were valid and really did include the users that you wanted to target for disabling. Once you are comfortable with the users you are targeting, it’s time to disable them. The following script will again set the population that is over 180 days since last logon, then disable them, then move them to a designated disabled users OU.
$Dusers = Search-ADAccount -UsersOnly -AccountInactive -TimeSpan 180.00:00:00 | ?{$_.enabled -eq $True}
Disable-ADAccount $Dusers
Get-ADUser -Properties * -Filter * | ? Enabled -eq $False | Move-ADObject “OU=DisabledUsers,DC=YourDomain,DC=Local”
* Looks at Users older than 180 days within the whole domain, that are not already disabled, disables them, and moves them the DisabledUsers OU for YourDomain.Local.
If you are looking to target a particular OU of users you can simply add the –SearchBase following by the distinguished name of the OU you want to search in like the following.
$Dusers = Search-ADAccount –SearchBase “OU=YourUsers,DC=YourDomain,DC=Local” -UsersOnly -AccountInactive -TimeSpan 180.00:00:00 | ?{$_.enabled -eq $True}
Disable-ADAccount $Dusers
Get-ADUser -Properties * -Filter * | ? Enabled -eq $False | Move-ADObject “OU=DisabledUsers,DC=YourDomain,DC=Local”
* Looks at Users older than 180 days in a particular Organization Unit that are not already disabled, disables them, and moves them the DisabledUsers OU for YourDomain.Local.
VirtuallyAware 
Pingback: Active Directory Script Highlight: Identify Old Computer Objects Before AD Migrations | VirtuallyAware